
How much should you pay for restaking security?

Tarun Chitra, Mallesh Pai

TL;DR

This paper addresses how much security to purchase for restaking-enabled networks by extending a prior restaking model with incentives and a realistic threat model. It introduces strictly submodular adversaries and node-operator rebalancing, and proves that appropriately chosen service rewards can bound cascade length, even under strategic operator behavior, via a local, dynamic incentive design. It provides a formal restaking-graph framework, analyzes overlap and overcollateralization, and offers a greedy, sequential-submodular optimization algorithm with provable approximation guarantees to compute near-optimal rewards. The work demonstrates that incentivized restaking can achieve secure levels without requiring globally strong overcollateralization, with practical implications for designing secure, capital-efficient restaking protocols. Overall, it advances the theory and algorithmic toolkit for aligning incentives to constrain cascading risk in decentralized restaking ecosystems.

Abstract

Restaking protocols have aggregated billions of dollars of security by utilizing token incentives and payments. A natural question to ask is: How much security do restaked services really need to purchase? To answer this question, we expand a model of Durvasula and Roughgarden [DR24] that includes incentives and an expanded threat model consisting of strategic attackers and users. Our model shows that an adversary with a strictly submodular profit combined with strategic node operators who respond to incentives can avoid the large-scale cascading failures of [DR24]. We utilize our model to construct an approximation algorithm for choosing token-based incentives that achieve a given security level against adversaries who are bounded in the number of services they can simultaneously attack. Our results suggest that incentivized restaking protocols can be secure with proper incentive management.

Paper Structure (33 sections, 3 theorems, 53 equations, 4 figures, 2 algorithms)

This paper contains 33 sections, 3 theorems, 53 equations, 4 figures, 2 algorithms.

Key Result

Theorem 1

Consider $G^p_t$ with strategically rebalancing node operators. There exist rewards $r(t) \in \mathbb{R}^S_+$ such that for a constant $C > 0$ we have The rewards $r(t)$ are local in that the optimal choice of $r_s(t)$ is only a function of $\partial s(t)$ and any service $s' \in S$ such that $\partial s'(t) \cap \partial s(t) \neq \emptyset$.

Figures (4)

  • Figure 1: Example of a restaking graph $G = (S, V, E, \alpha, \sigma, \pi)$ with $S = \{s_1, s_2\}, V = \{v_1, v_2\}$, $E = \{(s_1, v_1), (s_1, v_2), (s_2, v_1), (s_2, v_2)\}$. We consider $f(\pi, A) = \sum_{s\in A} \pi_s$ as the profit function. Note that each individual service cannot be attacked here as $\pi_i < \sigma_i$ for $i \in \{1, 2\}$. However, the set $S$ might be vulnerable since the profitability condition, $\pi_1 + \pi_2 > \sigma_i$, holds for the potential attack $(\{s_1, s_2\}, \{v_i\})\subset S \times V$. This attack is only valid, however, if $\sigma_i > \alpha_{s_j} (\sigma_1 + \sigma_2)$, which implies that we need to have $\alpha_{s_j} < \frac{1}{2}$ for $j\in \{1, 2\}$ for this to be an attack. So if $s_1, s_2$ were BFT protocols with $\alpha_s = \frac{1}{3}$, this graph would be insecure. However, if they were longest-chain protocols with $\alpha_s = \frac{1}{2}$, it would be secure.
  • Figure 2: An example of a cascading failure in a restaking network based on naveen-placeholder. In this sequence of figures, black dots represent validators $v_i, i \in [12]$ and the red and blue boxes containing $v_i$ represent services $s_i, i \in [6]$. For this system, we have $\sigma_{v_i} = 1$ and $\alpha_{s_i} = 1$ for all $s_i, v_i$. We have $\pi_s = 2$ for the services represented by red boxes and $\pi_s = 4$ for the services represented by the blue boxes. One can view this as the hypergraph representation of a bipartite graph implicit in a restaking graph. When we go from the upper left diagram to the upper right diagram, we first have a loss of $\psi = \frac{1}{12}$, which represents the loss of a single node's stake. Losing this node's stake makes the left red box vulnerable as $\pi_s = 2\sigma_v$ when $s$ is a red box, which is represented when one goes from the upper right box to the middle right box in attack $(A_1, B_1)$. This leads to the bottom row becoming vulnerable as $\pi_s = 4\sigma_v$ when $s$ is a blue box (which is the attack $(A_2, B_2)$). This attack now leaves the middle red service vulnerable and it is attacked in $(A_3, B_3)$. Finally, the remaining nodes in the blue service in the top row are vulnerable and attacked in $(A_4, B_4)$, leading to $R_{1/12}(G) = 1$.
  • Figure 3: A cascading attack halted by a rebalance. This is the same example as in Figure 2, except that rewards $r_s$ are chosen sufficiently high such that after the validator in the upper left corner is slashed, the adjacent validator in the upper blue service (i.e. second from the left) joins the lower blue service. This leads to the cascading failure not being viable in that $(A_2, B_2)$ is no longer a valid attack after rebalancing. One can view this as an equilibrium condition: if we start in equilibrium, then every $(v, s) \in E$ must be profitable with impact. This implies that if they are slashed, then another validator with at most the same stake can profitably join the service after they're slashed (which is what the validator second from the left in the top row is doing).
  • Figure 4: Example of a graph with overlap where the overlap controls the cascading likelihood
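
The attack check described in the Figure 1 caption, as an added example (not code from the paper): a brute-force enumeration of attacks $(A, B)$ using the caption's profit function $f(\pi, A) = \sum_{s \in A} \pi_s$ and its strict stake-threshold condition. The stake and profit values ($\sigma_v = 10$, $\pi_s = 6$) and all function names are constructed for illustration.

```python
from fractions import Fraction
from itertools import combinations

def nonempty_subsets(items):
    """Yield every non-empty subset of items as a tuple."""
    for k in range(1, len(items) + 1):
        yield from combinations(items, k)

def find_attacks(edges, sigma, pi, alpha):
    """Return all valid attacks (A, B): service set A, validator set B.

    Profitable:  sum of pi_s over A  >  sum of sigma_v over B.
    Feasible:    for every s in A, the stake B holds on s strictly exceeds
                 alpha_s times the total stake securing s (strict, as in
                 the Figure 1 caption).
    Brute force, exponential in |S| + |V|; meant for small graphs only.
    """
    services, validators = sorted(pi), sorted(sigma)
    attacks = []
    for A in nonempty_subsets(services):
        profit = sum(pi[s] for s in A)
        for B in nonempty_subsets(validators):
            if profit <= sum(sigma[v] for v in B):
                continue  # slashed stake is worth at least the profit
            feasible = all(
                sum(sigma[v] for v in B if (s, v) in edges)
                > alpha[s] * sum(sigma[v] for v in validators if (s, v) in edges)
                for s in A
            )
            if feasible:
                attacks.append((A, B))
    return attacks

def figure1_attacks(alpha_value):
    """Figure 1 topology with constructed values sigma_v = 10, pi_s = 6."""
    edges = {("s1", "v1"), ("s1", "v2"), ("s2", "v1"), ("s2", "v2")}
    sigma = {"v1": 10, "v2": 10}
    pi = {"s1": 6, "s2": 6}
    alpha = {"s1": alpha_value, "s2": alpha_value}
    return find_attacks(edges, sigma, pi, alpha)

if __name__ == "__main__":
    print("BFT, alpha = 1/3:", figure1_attacks(Fraction(1, 3)))
    print("longest-chain, alpha = 1/2:", figure1_attacks(Fraction(1, 2)))
```

With equal stakes, $\alpha_s = \frac{1}{2}$ sits exactly on the boundary of the strict inequality, so the verdict for the longest-chain case depends on the threshold being strict as the caption writes it.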

Theorems & Definitions (15)

  • Theorem 1
  • Claim 1: Step 1
  • proof
  • Claim 2: Step 2
  • Lemma 1
  • proof
  • Claim 3: Step 3
  • proof
  • Claim 4
  • proof
  • ...and 5 more